Content data transmitting device and method, and recording/reproducing device

ABSTRACT

The present invention relates to a data transmission method for transmitting data such as encrypted content data. A device which is to be a destination of transmission is authenticated and, if the device has not been authenticated, encrypted data read out from a storage unit is decrypted to give decoded data, which then is re-encrypted, based on innate key data acquired from the device which is to be the destination of transmission, to give re-encrypted data. The re-encrypted data is then transmitted to the device which is to be a destination of transmission.

TECHNICAL FIELD

[0001] This invention relates to methods and apparatus for transmitting content data and a data recording and/or reproducing apparatus for preventing truant duplication of data, such as digital content.

BACKGROUND ART

[0002] Up to now, it has been practiced to duplicate digital content, such as audio data, from a replay-only optical disc to a recordable magneto-optical disc, as the digital content remains in the state of digital signals. When connected over a dedicated cable to a reproducing device for an optical disc for duplicating digital content, the recording and/or reproducing apparatus of the magneto-optical disc updates the truant duplication inhibiting information, enabling the digital content to be duplicated only once, to recording inhibition, to supervise the copyright. Thus, the digital content, duplicated from an optical disc on a magneto-optical disc, cannot further be duplicated to the magneto-optical disc.

[0003] The digital content is exchanged between terminal devices, such as personal computers, over a network, such as the Internet or a LAN. In this case, the transmitting side terminal device uploads the digital content, along with an address of the receiving side terminal device, to a server device, while the receiving side terminal device downloads the digital content, addressed to itself, from the server device in which it is stored. In such exchange of digital content, interposed by the network, it is a frequent occurrence that the number of times of duplication of the digital content is not at all supervised.

[0004] The above-described system which exchanges digital content with the interposition of the network employs a general-purpose computer, without employing a dedicated recording and/or reproducing apparatus for a magneto-optical disc as in the case of a system designed for duplicating digital content from a replay-only optical disc to a recordable magneto-optical disc. It is therefore difficult to add the truant duplication preventative information to the digital content to be duplicated and to update the truant duplication preventative information on duplication to perform copyright management.

DISCLOSURE OF THE INVENTION

[0005] It is therefore an object of the present invention to provide methods and apparatus for transmitting content data and a data recording and/or reproducing apparatus whereby copyright management such as prohibition of truant data duplication can be achieved even in cases wherein digital content is exchanged indirectly with the interposition of a server device in a network, without employing a recording medium as an entity, or directly between different devices over a wired route or over a radio path.

[0006] The present invention provides a data communication device including a storage unit for storage of encrypted data, an authentication unit for authenticating a device which is to be the destination of transmission, and a re-encryption unit for decoding the data read out from the storage unit and for re-encrypting the decoded data, wherein, when the device which is to be the destination of transmission has been authenticated by the authentication unit, the data read out from the storage unit is decoded, and wherein the so decoded data is re-encrypted using innate key data acquired from the device which is to be the destination of transmission as authenticated by the authentication device. The so re-encrypted data is output to the device which is to be the destination of transmission.

[0007] The data communication device according to the present invention further includes a decision unit for determining, based on the results of authentication from the authentication unit, whether or not the data read out from the storage unit is to be sent to the re-encryption unit.

[0008] The data communication device of the present invention further includes an outputting unit supplied with output data from the re-encryption unit, wherein, if the device which is to be the destination of transmission has been authenticated by the authentication unit to be a device to which data is directly transmitted from the transmission device, the data read out from the storage unit is sent to the output unit.

[0009] The data transmission device of the present invention further includes a decoding unit for decoding data read out from the storage unit and a converter for converting an output signal of the decoding unit into analog signals. The decision unit sends the data read out from the storage unit to the decoding unit if the device which is to be the destination of transmission has not been authenticated by the authentication unit.

[0010] The present invention also provides a data transmitting method including authenticating a device which is to be the destination of transmission, decoding encrypted data read out from a storage unit if the device which is to be the destination of transmission has been authenticated, re-encrypting the decoded data based on innate key data acquired from the device which is to be the destination of transmission and sending the re-encrypted data to the device which is to be the destination of transmission.

[0011] The present invention also provides a data outputting method including authenticating a device which is to be the outputting destination, checking whether or not the device which is to be the outputting destination has been authenticated, and selecting outputting of encrypted data read out from the storage unit based on the results of authentication.

[0012] The present invention also provides a recording method wherein data encrypted based on innate key data of a device which is to be the destination of transmission is input, data relevant to conditions of duplication are extracted from the decoded data when the input data has been decoded, and the operation of storing the decoded data in a recording unit is controlled based on the extracted data relevant to conditions of duplication.

[0013] The present invention also provides a recording device including a decoding unit supplied with encrypted data based on innate key data of a device which is to be the destination of transmission, an extraction unit for extracting data relevant to the conditions of duplication from output data from the decoding unit, a recording unit in which decoded data is recorded and a controller supplied with the decoded results from the decoder and with the data relevant to conditions of duplication, extracted by the extraction unit. The controller controls the operation of storage in a recording unit of the decoded data, based on the data relevant to conditions of duplication as extracted by the extraction unit.

[0014] The recording device according to the present invention further includes an encryption unit between the decoding unit and the recording unit. To this encryption unit is supplied output data from the decoding unit.

[0015] The present invention also includes a method for generating encoded data including encrypting content data of input digital data based on first key data, encrypting the first key data based on second key data generated using device-specific key data to generate encrypting key data and generating encrypted data comprised at least of the encrypted content data and the key data.

[0016] The present invention also includes a method for decoding encrypted data including generating second key data by device-specific key data and common key data read out from encrypted data comprised of a random number supplied to a device, the common key data, encrypted key data and encrypted content data, decoding the encrypted key data based on the second key data generated and the random number to generate first key data, and decoding the encrypted content data based on the first key data generated.

[0017] The present invention also includes a recording and/or reproducing device including an encryption unit for encrypting supplied data, a storage unit in which the data encrypted by the encryption unit is stored, an authentication unit for authenticating a device which is to be the destination of transmission, a replay processing unit for replay processing data read out from the storage unit and a re-encryption unit for decoding output data from the replay processing unit for re-encrypting the decoded data. If the device which is to be the destination of transmission has been authenticated by the authentication unit, the data read out from the storage unit is decoded by the re-encryption unit. The decoded data is re-encrypted using innate key data acquired from the device which is to be the destination of transmission and which has been authenticated by the authentication unit. The re-encrypted data is output to the device which is to be the destination of transmission.

[0018] Other objects, features and advantages of the present invention will become more apparent from reading the embodiments of the present invention as shown in the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] FIG. 1 illustrates a data transmission/reception system embodying the present invention.

[0020] FIG. 2 is a block diagram of a recording and/or reproducing apparatus employing the system shown in FIG. 1.

[0021] FIG. 3 is a block diagram of an encryption circuit for encrypting digital data.

[0022] FIG. 4 is a block diagram of a decrypting circuit.

[0023] FIG. 5 is a flowchart for illustrating the authentication processing by a recording and/or reproducing apparatus.

[0024] FIG. 6 is a block diagram of a recording and/or reproducing apparatus as a dedicated apparatus.

[0025] FIG. 7 is a flowchart for illustrating the sequence of operations in transmitting digital data to another device.

[0026] FIG. 8 is a block diagram showing a recording and/or reproducing apparatus as a dedicated device.

[0027] FIG. 9 is a flowchart for illustrating the sequence of operations in transmitting digital data to another device.

[0028] FIG. 10 is a block diagram of a recording and/or reproducing apparatus as a dedicated device.

[0029] FIG. 11 is a flowchart for illustrating the sequence of operations in transmitting digital data to another device.

[0030] FIG. 12 is a block diagram of a recording and/or reproducing apparatus for updating the truant duplication inhibiting information in case of downloading the digital data including the truant duplication inhibiting information transmitted over the network.

[0031] FIG. 13 is a flowchart for illustrating the operation of the recording and/or reproducing apparatus shown in FIG. 13.

BEST MODE FOR CARRYING OUT THE INVENTION

[0032] Referring to the drawings, a data transmission/receipt system 1 embodying the present invention is hereinafter explained.

[0033] Referring to FIG. 1, the data transmission/receipt system 1 includes recording and/or reproducing devices 2 a, 2 b for recording and/or reproducing digital data, such as audio data, and a server device 3 in a network 5 over which the recording and/or reproducing devices 2 a, 2 b are interconnected via an electrical communication network.

[0034] The server device 3 transiently stores digital data, such as audio data, uploaded from one of the recording and/or reproducing devices 2 a, in a storage unit, such as a hard disc, and sends, on receipt of a downloading request from the other recording and/or reproducing device 2 b, the audio data stored in the storage unit to the other recording and/or reproducing device 2 b.

[0035] The recording and/or reproducing device 2 a and the recording and/or reproducing device 2 b are able to transmit/receive data directly, without the interposition of the server device 3, by providing a dedicated cable between the two devices, using an interface conforming to, for example, the IEEE (The Institute of Electronics Engineer, Inc.) 1394 standard.

[0036] Referring to FIG. 2, the recording and/or reproducing devices 2 a, 2 b are now explained. It is noted that, since the recording and/or reproducing devices 2 a, 2 b are of the same structure, the recording and/or reproducing device 2 a or 2 b is sometimes referred to below simply as the recording and/or reproducing device 2.

[0037] This recording and/or reproducing device 2 includes an input terminal 11, to which digital data, such as audio data, output from an external equipment, is input, and an input terminal 12, to which encrypted digital data from the other recording and/or reproducing device 2 is input from the server device 3 over the network 5. The recording and/or reproducing device 2 includes an encryption circuit 13 for encrypting digital data input from an input terminal 11, a recording processing circuit 14 for recording the encrypted digital data, a storage unit 15, comprised for example of a hard disc on which encrypted digital data is recorded, a recordable optical disc, a semiconductor memory, or an IC card, and a reproducing processing circuit 16 for reproducing digital data read out from reproducing means, such as magnetic head or an optical pickup.

[0038] This recording and/or reproducing device 2 includes, as a transmission system for transmitting digital data to the server device 3 or to another recording and/or reproducing device, a selector 17 for switching between a route of directly outputting the encrypted digital data and a route of re-encrypting the encrypted digital data to output the re-encrypted data, an authentication circuit 18 for authenticating a destination of transmission of digital data and for controlling the selector 17 based on the results of authentication, a decoding circuit 19 for decrypting the encrypted digital data, a re-encrypting circuit 20 for re-encrypting the digital data decrypted by the decoding circuit 19 and a communication interface (communication I/F) 21 for data communication with the server device 3 and with the other recording and/or reproducing device 2.

[0039] Moreover, the recording and/or reproducing device 2 also includes, as a reproducing system for digital data recorded on the storage unit 15, a decoding circuit 22, to which is input an output of the reproducing processing circuit 16, a D/A converter 23, for converting the decoded digital data into analog signals, and a loudspeaker 24 for converting the converted analog signals into electrical signals to output the resulting electrical signals.

[0040] The encryption circuit 13 encrypts the digital data, input from the input terminal 11, using a device specific key stored in a memory which will be explained subsequently. Specifically, the encryption circuit 13 includes, as shown in FIG. 3, a random number generating circuit 31 for generating random numbers, a function circuit 32 for generating a function which is based on a random number, a content key memory 33 for storing the content key for encrypting the content, a memory for a common key 34 for storing the content key, a memory for a device-specific key 35, for recording a device-specific key proper to the recording and/or reproducing device 2, a device-common key generating circuit 36 for generating a device-common key, common to the totality of the recording and/or reproducing devices 2, from the common key and the device-specific key, a content encrypting circuit 37 for encrypting the content with the content key, and a content key encrypting circuit 38 for encrypting the content key with the device-common key and with a function which is given the random number.

[0041] When the digital data, input from the input terminal 11, is input to the encryption circuit 13, the content encrypting circuit 37 reads out the preset content key from the content key memory 33 and, using this content key, encrypts the content, except the header, such as title, to output the encrypted content. Simultaneously, the random number generating circuit 31 generates a random number to output this random number to the function circuit 32, which function circuit 32 then generates a function based on this random number. The device-common key generating circuit 36 reads out the common key and the device-specific key from the memory for a common key 34 and from the memory for a device-specific key 35, respectively, and generates the device common key based on the common key read out from the memory for a common key 34 and the device-specific key read out from the memory for a device-specific key 35. The content key used for encrypting the content read out from the content key memory 33 is also output to the content key encrypting circuit 38. This content key encrypting circuit 38 generates an encrypting key with the function generated by the function circuit 32 and with the device common key generated by the device-common key generating circuit 36.

[0042] The encryption circuit 13 generates the following packets. That is, the packet generated by this encryption circuit 13 is made up by a header, such as a title of content, not encrypted, a random number generated by the random number generating circuit 31, the common key output by the memory for a common key 34, an encryption key output by the content key encrypting circuit 38, and encrypted content data output by the content encrypting circuit 37.

[0043] The encryption circuit 13 outputs data to the recording processing circuit 14, in terms of a packet as a unit, in order to perform the processing for recording in the storage unit 15. To the recording processing circuit 14 are input packet-based digital data, encrypted by the encryption circuit 13, and encrypted digital data from the server device 3 and other recording and/or reproducing device 2. These encrypted digital data are those input at the input terminal 12. This recording processing circuit 14 applies error correction processing or modulation to these input data followed by binary encoding. The data recorded by the recording processing circuit 14 is recorded on a recording medium of the storage unit 15 by a magnetic head forming the storage unit 15 or by a head unit of, for example, the optical pickup. Meanwhile, the storage unit 15 may be enclosed in the main body unit of the device or may be mounted on or dismounted from the main body unit of the device.

[0044] The data stored in the storage unit 15 is also read out from the magnetic head or by a head unit of, for example, the optical pickup. The so read out data is output to the reproducing processing unit 16. The reproducing processing circuit 16 binary encodes an output signal from the above-mentioned head unit and processes the binary encoded data with demodulation or with error correction processing to output the resulting signals to the communication I/F 21 of the transmission system or to the decoding circuit 22.

[0045] The authentication circuit 18 effectuates authentication processing with the recording and/or reproducing device as the source of transmission, that is one of the aforementioned recording and/or reproducing devices 2 a and 2 b, to control the switching of the selector 17 based on the results of authentication. Even if authentication has been obtained with the recording and/or reproducing device 2 as the source of transmission, the authentication circuit 18 performs switching control of the selector 17 as to whether the digital data is to be transmitted through the server device 3 to the other recording and/or reproducing device as the destination of transmission or directly to the recording and/or reproducing device as the destination of transmission over a dedicated cable. When the authentication with the recording and/or reproducing device as the destination of transmission has not been obtained by the authentication circuit 18 or when the authentication has been obtained and digital data is directly output to the other recording and/or reproducing device, the selector 17 is set so as to output the digital data in its encrypted form. On the other hand, when the authentication has been obtained and the digital data is output through the server device 3 to the other recording and/or reproducing device as the destination of transmission, the selector is set for re-encryption.

[0046] When transmitting the digital data, the decoding circuit 19, forming the transmission system, decodes the digital data, encrypted by the above-mentioned encryption circuit 13, to output the decoded digital data to the re-encrypting circuit 20 for re-encryption with the device-specific key of the recording and/or reproducing device as the destination of transmission, acquired from the destination of transmission. Specifically, the decoding circuit 19 includes a function circuit 41 adapted for generating a function based on a random number in the packet, a memory for the device-specific key 42, in which the same key as that stored in the memory for a device-specific key 35 of the encryption circuit 13 is stored, and a device-common key generating circuit 43 for generating a device-common key from the common key in the packet and the device-specific key read out from the memory for the device-specific key 42, as shown in FIG. 4. The decoding circuit 19 also includes an encryption key decoding circuit 44 for decoding the encryption key in the packet with the function generated in the function circuit 41 and with the device common key generated in the device-common key generating circuit 43, and a content decoding circuit 45 adapted for decoding the encrypted content data in the packet based on the content key decoded by the encryption key decoding circuit 44, as shown in FIG. 4.

[0047] When the encrypted digital data is input to the decoding circuit 19, the function circuit 41 generates a function based on the random number in the packet of the input digital data. The device-common key generating circuit 43 reads out the common key in the packet and the device-specific key from the memory for the device-specific key 42 to generate a device common key in the device-common key generating circuit 43 to output the so produced device common key to the encryption key decoding circuit 44. The encryption key decoding circuit 44 decodes the encrypting key, read out from the packet, by the function generated in the function circuit 41 and by the device common key sent from the device-common key generating circuit 43, to generate a content key, which then is output to the content decoding circuit 45. The content decoding circuit 45 reads out the encrypted content data from the packet and decodes the encrypted content data using the content key supplied from the decoding circuit 44. Meanwhile, since the header in the packet is not encrypted, the decoding circuit 19 directly reads out the header from the packet. The decoding circuit 19 re-encrypts the decoded digital data to output the data to the re-encrypting circuit 20.

[0048] When the authentication has been acquired and the re-encrypting circuit 20 outputs the digital data to another recording and/or reproducing device as the destination of transmission, the re-encrypting circuit acquires the device-specific key from the recording and/or reproducing device as the destination of transmission. Using this acquired device-specific key, the re-encrypting circuit re-encrypts the output digital data, that is, re-encrypts the digital data sent from the decoding circuit 19. This re-encrypting circuit 20 is substantially of the same structure as the encryption circuit 13 shown in FIG. 3 and hence is not explained specifically. To the device-common key generating circuit 36 is input the device-specific key of the destination of transmission, read out not from the memory for a device-specific key 35 but from the memory for device-specific key of the other recording and/or reproducing device as the destination of transmission of the digital data. The re-encrypting circuit 20 generates packets, as described above, to output the data to the communication I/F 21 from one packet to the next. The packet is made up by a non-encrypted header, a random number generated in the random number generating circuit 31, a common key output from the memory for a common key 34, an encrypting key output from the content key encrypting circuit 38 and the encrypted content output from the content encrypting circuit 37.
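The packet layout of paragraph [0042], the selector rule of paragraph [0045] and the decode and re-encrypt path of paragraphs [0046] to [0048] can be traced in the following sketch, which is an added example and not code from the patent. The patent names no cipher or key-combining function, so the HMAC-SHA-256 derivations, the XOR keystream stand-in (illustration only, not a secure cipher) and all function names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def xor_stream(data: bytes, key: bytes, label: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = key + label + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class Packet:
    header: bytes       # title etc., left unencrypted
    random: bytes       # from random number generating circuit 31
    common_key: bytes   # from memory for a common key 34
    enc_key: bytes      # content key wrapped by content key encrypting circuit 38
    enc_content: bytes  # output of content encrypting circuit 37


def device_common_key(common_key: bytes, device_key: bytes) -> bytes:
    """Circuits 36/43: combine common key and device-specific key (HMAC assumed)."""
    return hmac.new(device_key, common_key, hashlib.sha256).digest()


def wrap_key(common_key: bytes, device_key: bytes, rnd: bytes) -> bytes:
    """Key protecting the content key: device-common key mixed with the random number."""
    dck = device_common_key(common_key, device_key)
    return hmac.new(dck, rnd, hashlib.sha256).digest()


def encrypt(header: bytes, content: bytes, content_key: bytes,
            common_key: bytes, device_key: bytes) -> Packet:
    """Encryption circuit 13 (and re-encrypting circuit 20, fed another device's key)."""
    rnd = os.urandom(16)
    kek = wrap_key(common_key, device_key, rnd)
    return Packet(header, rnd, common_key,
                  xor_stream(content_key, kek, b"key"),
                  xor_stream(content, content_key, b"content"))


def decrypt(pkt: Packet, device_key: bytes) -> bytes:
    """Decoding circuit 19: everything except the device-specific key is in the packet."""
    kek = wrap_key(pkt.common_key, device_key, pkt.random)
    content_key = xor_stream(pkt.enc_key, kek, b"key")
    return xor_stream(pkt.enc_content, content_key, b"content")


def transmit(pkt: Packet, authenticated: bool, via_server: bool,
             own_key: bytes, dest_key: bytes, content_key: bytes) -> Packet:
    """Selector 17: re-encrypt only for an authenticated destination reached
    through the server; in every other case the stored packet goes out as is."""
    if not (authenticated and via_server):
        return pkt
    plain = decrypt(pkt, own_key)
    # A fresh random number is drawn, and the destination's key replaces ours.
    return encrypt(pkt.header, plain, content_key, pkt.common_key, dest_key)


if __name__ == "__main__":
    # Constructed sample keys and content, for illustration only.
    src, dst = b"S" * 32, b"D" * 32
    ck, common = b"K" * 32, b"C" * 16
    stored = encrypt(b"Track 1", b"constructed audio payload", ck, common, src)
    sent = transmit(stored, True, True, src, dst, ck)
    print(decrypt(sent, dst))               # destination recovers the content
    print(decrypt(stored, dst) == b"constructed audio payload")  # False
```

Because the packet carries the random number and the common key in the clear, the device-specific key is the only secret separating a holder of the packet from the content key; a packet passed on unchanged stays bound to the source device's key.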

[0049] For transmission to, for example, the server device 3, the communication I/F 21 executes a transmission protocol, such as TCP/IP (transmission control protocol/internet protocol), to transmit the re-encrypted digital data to the server device 3 via output terminal 25. In directly communicating with other recording and/or reproducing devices, as the destination of transmission over a dedicated cable, the communication I/F executes e.g., IEEE 1394 protocol, to make transmission to the recording and/or reproducing devices, as the destination of transmission, via output terminal 25.

[0050] The decoding circuit 22, forming the reproducing system, is supplied with digital data, which are read out from the storage unit 15 and demodulated and encrypted by the reproducing processing circuit 16, to decrypt the digital data encrypted by the encryption circuit 13. Basically, this decoding circuit 22 is configured similarly to the decoding circuit 19, as shown in FIG. 4, and, although not shown in detail, includes a memory for a device-common key 46, and a selector 47 for switching between an output of the device common key generating circuit 43 and an output of the memory for a device-common key 46.

[0051] The selector 47 is switched by a controller, not shown, of the recording and/or reproducing device 2. In reproducing the digital data, downloaded from the server device 3, the selector 47 is switched so that the device-common key, generated by the device-common key generating circuit 43, will be output to the encryption key decoding circuit 44. In reproducing the digital data, directly transmitted from the other recording and/or reproducing device over the dedicated cable, the selector 47 is switched so that the device common key stored in the memory for a device-common key 46, will be output to the encryption key decoding circuit 44. The decoding circuit 22 outputs the decoded digital data to the D/A converter 23. The D/A converter 23 converts the decoded digital data into analog signals. These analog signals are sent to the loudspeaker 24, which then transduces the supplied analog signals into audible output signals.

[0052] In the above-described recording and/or reproducing device 2, the operation of storing digital data, such as audio data, output from the external equipment, in the storage unit 15, is now explained. The digital data, read out from the external storage device, is input from the input terminal 11, so as to be encrypted by the encryption circuit 13. That is, when the digital data is input to the encryption circuit 13 from the input terminal 11, the content encrypting circuit 37 encrypts the input digital data, to the exclusion of the header part, such as title, using the content key read out from the content key memory 33. At this time, the random number generating circuit 31 generates a random number to output this random number to the function circuit 32, which function circuit 32 then generates a function based on the random number supplied from the random number generating circuit 31. The device-common key generating circuit 36 generates a device common key based on the common key read out from the memory for a common key 34 and on the device innate key generated by the memory for a device-specific key 35. The content key, used in encrypting the content data of the digital data, is also output from content key memory 33 to the content key encrypting circuit 38. This content key encrypting circuit 38 generates an encrypting key from the function generated by the function circuit 32 based on the random number supplied thereto and on the device common key generated by the device-common key generating circuit 36. The encryption circuit 13 generates a packet made up of the non-encrypted header, the random number generated by the random number generating circuit 31, the common key output by the memory for a common key 34, the encrypting key output by the content key encrypting circuit 38 and the encrypted content output by the content encrypting circuit 37.

[0053] The encrypted data, output on the packet basis from the encryption circuit 13, is processed for recording in the recording processing circuit 14 so as to be then recorded on the recording medium by the head unit forming the storage unit 15. In the recording and/or reproducing device 2, the digital data is recorded as it is encrypted in the storage unit 15, although the header is not encrypted. Thus, the recording and/or reproducing device 2 is able to retrieve the digital data, as desired by the user, extremely readily, with use of the header, even though the digital data is stored as it is encrypted in the storage unit 15, so that the digital data transmitted or the digital data reproduced may be found out extremely readily.

[0054] Referring to FIG. 5, the authentication processing in the authentication circuit 18 when digital data is transmitted from the recording and/or reproducing device 2 a as the source of transmission, described above, to the recording and/or reproducing device 2 b, as the destination of transmission, is now explained.

[0055] First, when the transmission processing of transmitting digital data, stored in encrypted form in the storage unit 15, is executed at step S1 by the user, the authentication circuit 18 of the recording and/or reproducing device 2 a as the source of transmission performs authentication as to whether or not the recording and/or reproducing device 2 b as the destination of transmission is a device conforming to the same standard. Specifically, the recording and/or reproducing device 2 a performs authentication of the recording and/or reproducing device 2 b of the destination of transmission over a dedicated cable or through the server device 3. If the recording and/or reproducing device 2 b as the destination of transmission has been authenticated, that is if the recording and/or reproducing device 2 b as the destination of transmission is a device conforming to the same standard, the recording and/or reproducing device 2 a as the source of transmission proceeds to step S2. If otherwise, that is if the recording and/or reproducing device as the destination of transmission is found to be not the device conforming to the same standard, the recording and/or reproducing device as the source of transmission proceeds to step S4.

[0056] At step S2, the recording and/or reproducing device 2 a as the source of transmission checks to see whether the transmission of digital data is direct transmission over a dedicated cable or indirect transmission over the server device 3, and selects the method for transmitting the digital data for transmission and the system of the communication I/F 21. If it is determined at step S2 that the transmission is direct transmission over the dedicated cable, the recording and/or reproducing device 2 a as the source of transmission proceeds to step S3 and, if it is determined at step S2 that the transmission is indirect transmission through the server device 3, the recording and/or reproducing device 2 a proceeds to step S5.

[0057] If, at step S3, the transmission is direct transmission employing a dedicated cable, the recording and/or reproducing device 2 b as the destination of transmission is the authenticated regular device having the decoding function matching its own encryption, and hence the recording and/or reproducing device 2 a as the source of transmission directly outputs the encrypted digital data over the dedicated cable to the recording and/or reproducing device 2 b as the destination of transmission. That is, the selector 17 of the recording and/or reproducing device 2 a interconnects the reproducing processing circuit 16 and the communication I/F 21, as shown in FIG. 2. Thus, the encrypted digital data, stored in the storage unit 15, is processed for replay in the reproducing processing circuit 16 and thence output directly from the communication I/F 21 to the recording and/or reproducing device 2 b as the destination of transmission. Since it is unnecessary to perform decoding or re-encryption, the recording and/or reproducing device 2 a as the source of transmission is able to send the digital data speedily to the recording and/or reproducing device 2 as the destination of transmission.

[0058] In the recording and/or reproducing device 2 b as the destination of transmission, the encrypted digital data from the recording and/or reproducing device 2 a as the source of transmission is input at the input terminal 12 and processed for recording in the recording processing circuit 14 so as to be then recorded on the storage unit 15. In the recording and/or reproducing device 2 b as the destination of transmission, the encrypted digital data is stored in the storage unit 15; however, since the header is not encrypted, the digital data to be reproduced can be retrieved readily. In reproducing the encrypted digital data, recorded in the storage unit 15, the encrypted digital data, read out from the reproducing means, is processed for reproduction by the reproducing processing circuit 16 so as to be output to the decoding circuit 22 of the reproducing system.

[0059] Referring to FIG. 4, the decoding circuit 22 switches the selector 47 to enable the device common key stored in the memory for a device-common key 46 to be output to the encryption key decoding circuit 44. When the digital data encrypted in the encryption circuit 13 of the recording and/or reproducing device 2 a as the source of transmission is input to the function circuit 41, the function circuit generates a function based on the random number in the packet. The encryption key decoding circuit 44 reads out the device common key stored in the memory for a device-common key 46. The encryption key decoding circuit 44 decodes the encrypting key, read out from the packet, with the function generated in the function circuit 41 and with the device common key, to generate the content key, which is output to the content decoding circuit 45. The content decoding circuit 45 reads out the encrypted content from the packet to decode the read-out encrypted content using the content key. Meanwhile, since the header in the packet is not encrypted, the decoding circuit 22 directly reads it out from the packet. The decoding circuit 22 outputs the decoded digital data to the D/A converter 23, which D/A converter 23 converts the decoded digital data into analog signals. These analog signals are supplied to the loudspeaker 24, which loudspeaker 24 transduces the analog signals to output audible sound.

[0060] If, at step S1, the recording and/or reproducing device 2 b as the destination of transmission has not been authenticated, the recording and/or reproducing device 2 a as the source of transmission at step S4 directly outputs the encrypted digital data over the dedicated cable or through the server device 3 to the recording and/or reproducing device 2 b as the destination of transmission. That is, the recording and/or reproducing device 2 a as the source of transmission changes over the selector 17 so that the reproducing processing circuit 16 will be directly connected to the communication I/F 21, as shown in FIG. 2. Thus, the encrypted digital data, stored in the storage unit 15, is processed for replay in the reproducing processing circuit 16 and thence output directly through the communication I/F 21 to the recording and/or reproducing device 2 b as the destination of transmission. The encrypted digital data is input to the input terminal 12 of the recording and/or reproducing device 2 b as the destination of transmission and processed for recording by the recording processing circuit 14 so as to be recorded by recording means in the storage unit 15.

[0061] It should be noted that the recording and/or reproducing device 2 b as the destination of transmission has not been authenticated and does not have the decoding function so that it cannot decode the encrypted digital data stored in the storage unit 15. Thus, even supposing that the digital data has been acquired by a person other than an authorized user, the digital data can be prevented from being reproduced.

[0062] If the recording and/or reproducing device 2 a as the source of transmission at step S2 has determined that the transmission is indirect transmission through the server device 3, the encrypted digital data, read out from the storage unit 15, is processed for reproduction by the reproducing processing circuit 16. The selector 17 is changed over to interconnect the reproducing processing circuit 16 and the decoding circuit 19 to permit re-encryption.

[0063] Referring to FIG. 4, when the encrypted digital data is input to the decoding circuit 19, the function circuit 41 generates a function, based on the random number in the packet. The device-common key generating circuit 43 reads out the common key in the packet and the device-specific key from the memory for the device-specific key 42 to generate the device common key which is output to the encryption key decoding circuit 44. The encryption key decoding circuit 44 decodes the encrypting key read out from the packet, by the function generated in the function circuit 41 and by the device common key, to generate a content key, which is output to the content decoding circuit 45. The content decoding circuit 45 reads out the encrypted content from the packet and decodes it using the content key. Meanwhile, since the header in the packet is not encrypted, the decoding circuit 19 directly reads it out from the packet. The decoding circuit 19 outputs the decoded digital data to the re-encrypting circuit 20.

[0064] Then, at step S6, the recording and/or reproducing device 2 a as the source of transmission acquires the device-specific key through the server device 3 from the memory for the device-specific key 35 of the recording and/or reproducing device 2 b, as the destination of transmission, in order to permit decoding by the authenticated recording and/or reproducing device 2 b as the destination of transmission.

[0065] Then, at step S7, the digital data decoded by the decoding circuit 19 is re-encrypted in the re-encrypting circuit 20 in the recording and/or reproducing device 2 a, as the source of transmission, using a device-specific key acquired at step S6. That is, when the digital data is input to the re-encrypting circuit 20, the content encrypting circuit 37 reads out the preset content key from the content key memory 33 and encrypts the digital data, except the header, such as title, using the so read-out content key. Simultaneously, the random number generating circuit 31 generates a random number, which is then output to the function circuit 32. The function circuit 32 generates a function, based on the random number. The device-common key generating circuit 36 generates a device common key, based on the common key read out from the memory for a common key 34, and on the device-specific key, acquired from the recording and/or reproducing device 2 b as the destination of transmission. The content key, used for encrypting the content, is also output from the content key memory 33 to the content key encrypting circuit 38, which content key encrypting circuit 38 then generates an encrypting key, using the function generated by the function circuit 32 by being afforded with the random number and also using the device common key generated in the device-common key generating circuit 36. The re-encrypting circuit 20 generates a packet made up of an unencrypted header, the random number generated in the random number generating circuit 31, the common key output from the memory for a common key 34, the encrypting key output from the content key encrypting circuit 38, and encrypted content output from the content encrypting circuit 37, to output the resulting packet to the communication I/F 21.

[0066] The so re-encrypted digital data is transmitted over the network 5 to the server device 3 where it is stored transiently. If, in this case, an unauthorized terminal device accesses the server device 3, and the digital data transmitted from the recording and/or reproducing device 2 a is downloaded and stored in the storage unit of the terminal device, this terminal device is unable to decode the digital data and hence is unable to reproduce the digital data downloaded to the storage unit. Thus, the digital data transiently recorded in the server device 3 can be prevented from being reproduced by the terminal device of the unauthorized user. When a number of encrypted digital data is saved in the server device 3, the header is not encrypted, so that the data saved in the server device 3 can be easily retrieved by the recording and/or reproducing devices 2 a, 2 b.

[0067] By accessing the server device 3, the recording and/or reproducing device 2 b as the destination of transmission is able to download the digital data transmitted to itself and saved in the server device 3. The encrypted digital data, downloaded from the server device 3, is input at the input terminal 12 and processed for recording in the recording processing circuit 14 so as to be then stored in the storage unit 15. Although the encrypted digital data is stored in the storage unit 15 of the recording and/or reproducing device 2 b as the destination of transmission, the digital data to be reproduced can be easily retrieved because the header is not encrypted. In replay, the digital data read out from the storage unit 15 is processed for replay in the reproducing processing circuit 16 and output to the decoding circuit 22 of the reproducing system.

[0068] Referring to FIG. 4, the selector 47 is changed over so that the device common key generated in the device-common key generating circuit 43 will be output to the encryption key decoding circuit 44. When the encrypted digital data is input to the encryption circuit 13, the function circuit 41 generates a function, based on the random number in the packet. The device-common key generating circuit 43 reads out the common key in the packet and the device-specific key from the memory for the device-specific key 42 to generate a device common key which is output to the encryption key decoding circuit 44. It should be noted that the device-specific key in the memory for the device-specific key 42 of the recording and/or reproducing device 2 b is of the same type as that acquired at step S36 by the recording and/or reproducing device 2 a as the source of transmission. The encryption key decoding circuit 44 decodes the encrypting key, read out from the packet, by the function generated in the function circuit 41 and by the device common key, to generate the content key, which is output to the content decoding circuit 45. The content decoding circuit 45 reads out the encrypted content data from the packet to decode the so read out encrypted content data using the content key. Meanwhile, since the header in the packet is unencrypted, it is directly read out from the packet by the decoding circuit 22. The decoding circuit 22 outputs the decoded digital data to the D/A converter 23. The D/A converter 23 converts the decoded digital data into analog signals, which are sent to the loudspeaker 24. The loudspeaker 24 transduces the analog signals into audible output sound.

[0069] In the above-described system, if the digital data transiently stored in the server device 3 is downloaded by an unauthorized recording and/or reproducing device and stored in the storage unit thereof, the downloaded digital data is encrypted and hence is not reproduced by the unauthorized recording and/or reproducing device. Thus, according to the present invention, copyright management may be made without introducing the truant duplication inhibiting information into the digital data.
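The server-relay path of steps S5 to S7 and the decoding at the destination described in [0063] to [0068], sketched as an added Python example that is not part of the patent text. The patent does not name the ciphers or the operation of the function circuit, so HMAC-SHA256 derivations and an HMAC-based keystream stand in for them here, and all function names, keys and content are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


def _prf(label: bytes, *parts: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA256 stands in for circuits the text leaves unspecified.
    mac = hmac.new(label, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(struct.pack(">I", len(part)) + part)  # length-prefix each input
    return mac.digest()


def _stream_xor(key: bytes, data: bytes) -> bytes:
    # ASSUMPTION: illustrative keystream cipher (HMAC in counter mode).
    # XOR is its own inverse, so the same call encrypts and decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">Q", offset // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


@dataclass(frozen=True)
class Packet:
    header: bytes             # unencrypted (e.g. title), so the server can index it
    random_number: bytes      # input to the function circuit
    common_key: bytes         # carried in the packet
    encrypting_key: bytes     # content key wrapped by function + device common key
    encrypted_content: bytes  # content encrypted under the content key


def device_common_key(common_key: bytes, device_specific_key: bytes) -> bytes:
    """Device-common key generating circuit: common key + device-specific key."""
    return _prf(b"device-common-key", common_key, device_specific_key)


def _wrapping_key(random_number: bytes, common_key: bytes, device_specific_key: bytes) -> bytes:
    function = _prf(b"function", random_number)  # function circuit output
    return _prf(b"wrap", function, device_common_key(common_key, device_specific_key))


def build_packet(header, content, content_key, common_key, device_specific_key,
                 random_number=None) -> Packet:
    """Encrypt content for the holder of device_specific_key ([0065])."""
    random_number = random_number or os.urandom(16)
    wrap = _wrapping_key(random_number, common_key, device_specific_key)
    return Packet(
        header=header,
        random_number=random_number,
        common_key=common_key,
        encrypting_key=_stream_xor(wrap, content_key),
        encrypted_content=_stream_xor(content_key, content),
    )


def decode_packet(packet: Packet, device_specific_key: bytes) -> bytes:
    """Recover content using this device's own device-specific key ([0063], [0068])."""
    wrap = _wrapping_key(packet.random_number, packet.common_key, device_specific_key)
    content_key = _stream_xor(wrap, packet.encrypting_key)
    return _stream_xor(content_key, packet.encrypted_content)


def reencrypt_for_destination(stored: Packet, own_key: bytes, destination_key: bytes,
                              content_key: bytes, common_key: bytes) -> Packet:
    """Decode with the source's key, then re-encrypt bound to the destination's key."""
    plain = decode_packet(stored, own_key)  # decoding circuit 19
    # re-encrypting circuit 20: fresh random number, destination's device-specific key
    return build_packet(stored.header, plain, content_key, common_key, destination_key)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    src, dst, rogue = b"S" * 16, b"D" * 16, b"R" * 16
    content = b"constructed audio frames " * 4
    stored = build_packet(b"title=Track 1", content, b"K" * 16, b"C" * 16, src)
    relayed = reencrypt_for_destination(stored, src, dst, b"K" * 16, b"C" * 16)
    print("header readable on server:", relayed.header)
    print("destination decodes:", decode_packet(relayed, dst) == content)
    print("other device decodes:", decode_packet(relayed, rogue) == content)
```

Because the stand-in cipher carries no integrity check, a device holding the wrong device-specific key obtains unusable bytes rather than an error.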

[0070] Although the case of employing a dedicated cable in transmitting digital data between the recording and/or reproducing devices 2 a, 2 b has been explained in the foregoing, data transmission can also be made over a radio route.

[0071] Another embodiment of the present invention in which digital data is exchanged between the recording and/or reproducing device 2 a as a dedicated equipment of the present system and the recording and/or reproducing device 2 b is hereinafter explained. The recording and/or reproducing devices 2 a, 2 b, exchanging data directly over a wired or wireless route, represent a safe environment for digital data communication. So, in the present modified embodiment of the recording and/or reproducing device 2 a as the source of transmission, according to the present invention, the encrypted digital data is directly transmitted to the recording and/or reproducing device 2 b when the recording and/or reproducing device 2 b as the destination of transmission is authenticated. When the recording and/or reproducing device 2 b as the destination of transmission is not authenticated, outputting of the digital data is inhibited. In the present embodiment, digital data is not exchanged by the unauthorized device through the accessible server device 3, as in the above-described embodiment, in order to improve the safety in data communication. A further modified embodiment of the present invention is explained with reference to FIGS. 6 and 7.

[0072] Referring to FIG. 6, the present recording and/or reproducing device 50 is configured similarly to the recording and/or reproducing device 2 shown in FIG. 2 except the transmission system. The recording and/or reproducing device 50 includes, as a transmission system for transmitting digital data to the other recording and/or reproducing device, an authentication circuit 51 for authenticating the device as the data transmission destination, and a selector 52 for enabling data to be output only when the device as the destination of transmission has been authenticated in the authentication circuit 51.

[0073] The authentication circuit 51 authenticates the device as the destination of transmission and controls the switching of the selector 52 based on the results of authentication. For example, the device as the destination of transmission and the recording and/or reproducing device 50 as the source of transmission are interconnected over a cable conforming to the IEEE 1394 standard and the device 50 authenticates the device as the destination of transmission to control the selector based on the results thereof. That is, if the device as the destination of transmission is the recording and/or reproducing device 50 as the dedicated equipment, the authentication circuit 51 assumes that the transmission of encrypted digital data is possible and switches the selector 52 for interconnecting the reproducing processing circuit 16 and the communication I/F 21. When the device as the destination of transmission is the server device 3 or e.g., a personal computer as a general-purpose equipment, but is not the recording and/or reproducing device 50, the authentication circuit 51 changes over the selector 52 so as not to interconnect the reproducing processing circuit 16 and the communication I/F 53 43, in order to prohibit the outputting of the encrypted digital data.

[0074] Referring to FIG. 7, the sequence of operations when the recording and/or reproducing device 50 transmits digital data to the other device is explained. If, at step S11, the user performs the operation of transmitting the encrypted digital data stored in the storage unit 15, the authentication circuit 51 of the recording and/or reproducing device 50 as the source of transmission checks to see whether or not the device as the destination of transmission is the recording and/or reproducing device having the same function as the recording and/or reproducing device 50 as the source of transmission. That is, the authentication circuit 51 does not authenticate the device of the destination of transmission as being the device of the destination of transmission when the device as the destination of transmission is the general-purpose equipment such as a personal computer or when the destination of transmission is ultimately the recording and/or reproducing device 50 but transmission thereto is made via the server device 3. That is, if digital data is transmitted to the server device 3, there is a risk of illicit downloading to an unauthorized device, such that the server device 3 cannot be said to be completely safe as an environment. On the other hand, if the digital data is sent to the general-purpose equipment, such as a personal computer, there is a risk that the decoding software has been illicitly installed on the personal computer such that the risk is high that the encrypted digital data is decoded illicitly. The recording and/or reproducing device 50 is adapted to transmit digital data only when direct connection is made in the recording and/or reproducing device 50 as the dedicated equipment.

[0075] When the digital data is directly transmitted to the recording and/or reproducing device 50, the authentication circuit 51 at step S12 changes over the selector 52 to interconnect the reproducing processing circuit 16 to the communication I/F 21. The recording and/or reproducing device 50 as the source of transmission sends encrypted digital data to the recording and/or reproducing device 50 as the destination of transmission.

[0076] When the device of the destination of transmission is directly a general-purpose equipment, such as personal computer, or when the destination of transmission is the recording and/or reproducing device 50 but is directly the server device 3, the authentication circuit 51 at step S13 changes over the selector 52 to turn off the connection between the reproducing processing circuit 16 and the communication I/F 21. That is, the recording and/or reproducing device 50 inhibits the outputting of the encrypted digital data to the device of the destination of transmission.

[0077] The above-described recording and/or reproducing device 50 as the source of transmission permits the outputting of the encrypted digital data only when the digital data can be transmitted in a completely safe environment, that is when the digital data can be directly output to the recording and/or reproducing device 50 as the destination of transmission, to effectuate safe transmission/receipt of the digital data. Moreover, in transmitting the digital data, the digital data saved in the encrypted state in the storage unit 15 can be sent to the recording and/or reproducing device 50 as the destination of transmission without re-encryption, thus achieving saving in time corresponding to the re-encryption time.

[0078] In the above-described embodiment, digital data can be output only when the device of the destination of transmission is such a device that can be authenticated, for example, when the device of the destination of transmission is the recording and/or reproducing device 50 which is of the same type as the device of destination of transmission. However, the device of the destination of transmission is not limited to the recording and/or reproducing device 50 if the device of the destination of transmission enables digital data to be output under a safe environment. For example, if the device in which e.g., the decoding circuit conforming to the present invention is formed by a dedicated semiconductor chip, the device is reliable and permits data to be exchanged safely, and hence the outputting of digital data may be allowed in such case.

[0079] Referring to FIGS. 8 and 9, a modified embodiment of the present invention in which digital data can be output not only to the recording and/or reproducing device explained with reference to FIGS. 6 and 7 but also to a personal computer as a general-purpose equipment in case of successful authentication is explained.

[0080] Referring to FIG. 8, a recording and/or reproducing device 60 shown therein is configured similarly to the recording and/or reproducing device 2 shown in FIG. 2, except the transmission system, and hence the same reference numerals are used to depict the corresponding parts and the detailed description is omitted for clarity. The recording and/or reproducing device 60 includes, as a transmission system for transmitting the encrypted digital data to the other device, a first authentication circuit 61, a first selector 62, a second authentication circuit 63, a second selector 64, a decoding circuit 65 and a re-encrypting circuit 66. The first authentication circuit 61 performs authentication as to whether the device of the destination of transmission is the same recording and/or reproducing device as the recording and/or reproducing device 2 a as the source of transmission. The first selector changes over the route of directly outputting the encrypted digital data and the route of re-encrypting the encrypted digital data to output the so re-encrypted digital data. The second authentication circuit effectuates authentication as to whether the device of the destination of transmission is a general-purpose equipment, such as a personal computer. The second selector permits the outputting of the encrypted digital data when the general-purpose equipment has been authenticated by the second authentication circuit 63. The decoding circuit decodes the encrypted digital data. The re-encrypting circuit re-encrypts the digital data decoded by the decoding circuit 65.

[0081] The first authentication circuit 61 authenticates the device of the destination of transmission and controls the switching of the selector 52 based on the results of authentication. That is, if the device of the destination of transmission is the same recording and/or reproducing device as the recording and/or reproducing device 60 as the source of transmission and the digital data is directly sent to this recording and/or reproducing device as the destination of transmission, the first authentication circuit 61 assumes that the transmission of the encrypted digital data is possible, and accordingly changes over the first selector 62 to interconnect the reproducing processing circuit 16 and the communication I/F 21. If the device of the destination of transmission is the same device as the recording and/or reproducing device 60 as the source of transmission but transmission is made via server device 3, or if the digital data is directly sent but the recording and/or reproducing device as the destination of transmission is a general-purpose equipment, such as personal computer, the first authentication circuit 61 disconnects the reproducing processing circuit 16 from the communication I/F 21 and changes over the first selector to disconnect the reproducing processing circuit 16 and the second selector 64 from each other.

[0082] The second authentication circuit 63 effectuates authentication as to whether the device of the destination of transmission is the general-purpose equipment, such as personal computer, in which the decoding software has been regularly installed, or is the recording and/or reproducing device as the source of transmission or the general-purpose equipment which operates as a destination of transmission when digital data is transmitted through the server device 3 to a destination of transmission which is the same type as the recording and/or reproducing device 60 as the source of transmission or to the general-purpose equipment, and controls the changeover of the second selector 64 based on the results of authentication. That is, the second authentication circuit 63 switches the second selector 64 to the ON-state of interconnecting the reproducing processing circuit 16 and the decoding circuit 65, through the first selector 62, when encrypted digital data is transmitted to a general-purpose equipment where the decoding software is regularly installed, to a recording and/or reproducing device which is the same type as the recording and/or reproducing device 60 as the source of transmission, through the server device 3, or to the general-purpose equipment, where the decoding software is regularly installed, through the server device 3. When the device as the destination of transmission has not been authenticated, the second authentication circuit 63 changes over the second selector 64 to an OFF state of not interconnecting the reproducing processing circuit 16 and the decoding circuit 65. The second authentication circuit 63 sets a digital data outputting inhibiting state.

[0083] In transmitting the digital data, the decoding circuit 65 decodes the digital data, encrypted by the encryption circuit 13 for encryption, to output the decoded digital data to the re-encrypting circuit 66.

[0084] The re-encrypting circuit 66 acquires a public key from the general-purpose equipment, authenticated by the second authentication circuit 63, to re-encrypt the digital data, using the public key. The re-encrypting circuit 66 outputs the re-encrypted digital data to the communication I/F 21.

[0085] Referring to FIG. 9, the sequence of operations of the recording and/or reproducing device 60 transmitting digital data to the other device is explained. When the operation of transmitting the encrypted digital data, stored encrypted in the storage unit 15, is performed by the user, the first authentication circuit 61 of the recording and/or reproducing device 60 at step S21 checks whether or not the device of the destination of transmission is the recording and/or reproducing device which is the same type as the recording and/or reproducing device 60 as the source of transmission. That is, the first authentication circuit 61 checks to see whether the digital data is to be directly transmitted to the same recording and/or reproducing device as the recording and/or reproducing device as the destination of transmission or to a device other than the recording and/or reproducing device.

[0086] When the device of the destination of transmission has been authenticated to be the same recording and/or reproducing device as the recording and/or reproducing device 60, the first authentication circuit 61 at step S22 changes over the first selector 62 so that the digital data will be output from the reproducing processing circuit 16 to the communication I/F 21. For example, by changing over the first selector 62, the encrypted digital data, read out from the storage unit 15, is sent in the encrypted state from the communication I/F 21 to the recording and/or reproducing device as the destination of transmission, as shown in FIG. 8. In this case, since the recording and/or reproducing device 60 does not re-encrypt the output digital data, the recording and/or reproducing device 60 is able to send the digital data at a high speed. In reproducing the digital data, the recording and/or reproducing device as the destination of transmission decodes and reproduces the data using the common key.

[0087] If, at step S21, the first authentication circuit 61 has not authenticated the device of the destination of transmission, the second authentication circuit 63 at step S23 authenticates the device of the destination of transmission. That is, the second authentication circuit 63 checks to see whether the device connected directly or through the server device 3 is the general-purpose equipment where the decoding software has been regularly installed, or whether the device connected through the server device 3 is the same recording and/or reproducing device as the recording and/or reproducing device as the destination of transmission 60.

[0088] When the device of the destination of transmission has been authenticated by the second authentication circuit 63, the second authentication circuit 63 changes over the second selector 64, through the first selector 62, to a state of interconnecting the reproducing processing circuit 16 and the decoding circuit 65. At this time, the first selector 62 is changed over so that the output of the reproducing processing circuit 16 will be supplied through the second selector 64 to the decoding circuit 65. The encrypted digital data, read out from the storage unit 15, is input to the decoding circuit 65. The decoding circuit 65 decodes the digital data, encrypted by the encryption circuit 13, for re-encryption, to output the decoded digital data to the re-encrypting circuit 66.

[0089] The re-encrypting circuit 66 at step S25 acquires the public key of the device of the destination of transmission. At step S26, the re-encrypting circuit 66 re-encrypts the digital data decrypted by the decoding circuit 65. The communication I/F 20 sends this re-encrypted digital data to the device of the destination of transmission. That is, if, at step S23, the device of the destination of transmission is a general-purpose equipment or transmission is made to the server device 3, the degree of safety is lower than at step S22. In this consideration, the digital data is re-encrypted, using the public key of the device of the destination of transmission, and the so encrypted data is transmitted, to maintain the degree of safety.

[0090] If, at step S27, the device of the destination of transmission has not been authenticated, the device of the destination of transmission is not an authentic device. Thus, the second authentication circuit 63 turns off the connection between the reproducing processing circuit 16 and the communication I/F 21. That is, the recording and/or reproducing device 60 inhibits the outputting of the encrypted digital data to the device of the destination of transmission.

[0091] The recording and/or reproducing device 60, described above, permits the outputting of the encrypted digital data only when the digital data can be sent in a completely safe environment, that is when the digital data is directly output to the recording and/or reproducing device 60, to effect safe digital data transmission/reception. Since the digital data, saved in the storage unit 15 in an encrypted state, is transmitted to the recording and/or reproducing device 60 as the destination of transmission, without encryption, the recording and/or reproducing device 60 as the destination of transmission is able to output the digital data at a high speed. If the digital data is not output directly to the recording and/or reproducing device 60, but the device of the destination of transmission has been authenticated, the digital data can be sent to the other device as the degree of safety is maintained by the encryption. That is, in the present embodiment, the number of the types of the devices to which digital data can be output can be more than in the embodiment of FIGS. 6 and 7.

[0092] Referring to FIGS. 10 and 11, an embodiment of a recording and/or reproducing device 70, in which the outputting method can be changed depending on the characteristics of the device of the destination of transmission, is now explained. Since this recording and/or reproducing device 70 is substantially similar to the recording and/or reproducing device 2 of FIG. 2, except the transmission system, common parts are indicated by the same reference numerals. The recording and/or reproducing device 70 includes, as a transmission system of transmitting the encrypted digital data to the other device, an authentication circuit 71, a decision circuit 72, a decoding circuit 73 and a re-encrypting circuit 74. The authentication circuit authenticates the device of the destination of transmission. The decision circuit discriminates the sort of the device of the destination of transmission depending on the results of authentication by the authentication circuit 71. The decoding circuit decodes the encrypted digital data output from the reproducing processing circuit 16. The re-encrypting circuit re-encrypts the digital data decrypted by the decoding circuit 73. In addition, for converting the digital data into output analog signals, the recording and/or reproducing device 70 includes a decoding circuit 75 for decrypting the digital data output from the reproducing processing circuit 16 and a D/A converter 76 for converting the digital data into analog data.

[0093] The authentication circuit 71 authenticates the device of the destination of transmission. Specifically, the authentication circuit 71 performs authentication as to whether or not the device of the destination of transmission is authorized, that is whether the device of the destination of transmission is the recording and/or reproducing device which is the same type as the recording and/or reproducing device 70 as the source of transmission, a general-purpose equipment, such as a personal computer, where the software for utilization of the present system has been regularly installed, or is the same recording and/or reproducing device as the recording and/or reproducing device 70 as the source of transmission, or a general-purpose equipment connected through the server device 3. The authentication circuit 71 outputs the sort of the authenticated device and the results of authentication to the decision circuit 72. The authentication circuit 71 interconnects e.g., the recording and/or reproducing device 70 as the source of transmission and the device of the destination of transmission by a cable conforming to the IEEE 1394 standard to exchange signals pursuant to the IEEE 1394 standard to effect authentication.

[0094] The decision circuit 72 discriminates the sort of the device of the destination of transmission, transmitting the encrypted digital data, depending on the output which is based on the results of authentication from the authentication circuit 71. When sending the digital data directly to the recording and/or reproducing device which is the same type as the authenticated device of the source of transmission, the decision circuit 72 sends the digital data from the reproducing processing circuit 16 to the communication I/F 20. When sending the digital data directly to the general-purpose equipment or indirectly through the server device 3 to a recording and/or reproducing device which is the same type as the recording and/or reproducing device 70, or the general-purpose equipment, the decision circuit 72 sends the digital data from the reproducing processing circuit 16 to the decoding circuit 73. If the device transmitting the digital data is not authorized, that is, has not been authenticated, the decision circuit 72 inhibits the outputting of the digital data through the communication I/F 20, or sends the digital data from the reproducing processing circuit 16 to the decoding circuit 75.

[0095] In sending the digital data, the decoding circuit 73 decodes the digital data encrypted by the encryption circuit 13, for re-encryption, to output the decoded digital data to the re-encrypting circuit 74.

[0096] The re-encrypting circuit 74 acquires a public key from the recording and/or reproducing device as the destination of transmission, authenticated by the authentication circuit 71, or from the general-purpose equipment, to encrypt the digital data using this public key. The re-encrypting circuit 74 outputs the re-encoded digital data to the communication I/F 21.

[0097] The decoding circuit 75 decodes the digital data, encrypted by the encryption circuit 13, for outputting analog signals, to output the analog signals to a D/A converter 76, which D/A converter 76 converts the digital data into analog signals, which are output as analog signals from the device 70.

[0098] Referring to FIG. 11, the sequence of operations when the recording and/or reproducing device 70 as the source of transmission sends digital data to the other device is explained. When the user performs the transmission processing of sending the encrypted digital data stored in the storage unit 15, the authentication circuit 71 of the recording and/or reproducing device 70 as the source of transmission at step S31 performs the authentication as to whether the device of the destination of digital data transmission is an authorized one, and outputs the results of authentication and the sort of the authenticated device to the decision circuit 72. Depending on the results of authentication, the decision circuit 72 checks to see whether the encrypted digital data from the reproducing processing circuit 16 is to be output to the communication I/F 20 or to the decoding circuit 73, inhibited from being output, or output to the decoding circuit 75.

[0099] When the decision circuit 72 has determined that the digital data is to be sent directly to the recording and/or reproducing device which is the same type as the recording and/or reproducing device 70 as the destination of transmission, the decision circuit 72 at step S32 outputs the encrypted digital data output from the reproducing processing circuit 16 to the communication I/F 21. Since the encrypted digital data is read out from the storage unit 15 in a safe device-to-device communication environment, the encrypted digital data is sent in the encrypted state from the communication I/F 21 to the recording and/or reproducing device as the source of transmission. Since the recording and/or reproducing device 70 as the source of transmission does not re-encrypt the digital data, which is transmitted, it is possible to send the digital data at a high speed. In reproducing the digital data, the recording and/or reproducing device as the destination of transmission decodes and reproduces the transmitted digital data using a common key.

[0100] When the decision circuit 72 has determined that the digital data is to be sent to a general-purpose equipment directly connected to the device of the source of transmission, which is the device of the destination of transmission, or to a recording and/or reproducing device, which is the same type as the recording and/or reproducing device 70 as the source of transmission, or to the general-purpose equipment, through the server device 3, the decision circuit at step S33 sends the digital data from the reproducing processing circuit 16 to the decoding circuit 73. For re-encryption, the decoding circuit 73 decodes the encrypted digital data, which is supplied from the reproducing processing circuit 16 and which is encrypted in the encryption circuit 13, to output the decoded digital data to the re-encrypting circuit 74. At step S34, the re-encrypting circuit 74 acquires the public key of the device of the destination of transmission. At step S35, the re-encrypting circuit 74 re-encrypts the digital data, decrypted by the decoding circuit 73, using the public key of the device of the destination of transmission acquired. The communication I/F 20 sends the re-encrypted digital data to the device of the destination of transmission. That is, if the device of the destination of transmission is the general-purpose equipment or if transmission is made to the server device 3, the degree of safety is lower than in the case of step S32. Consequently, the digital data is re-encrypted, using the public key of the device of the destination of transmission and transmitted encrypted to maintain data safety in transmission.

[0101] If the decision circuit 72 at step S36 has determined that the device of the destination of digital data transmission is an unauthorized device, it inhibits the outputting of the digital data at step S36. Alternatively, the decision circuit 72 at step S36 permits only the outputting in the analog signal form. In case of the analog outputting, the decision circuit 72 sends digital data from the reproducing processing circuit 16 to the decoding circuit 75. The decoding circuit 75 decrypts the digital data, supplied from the reproducing processing circuit 16 and encrypted by the encryption circuit 13, for re-encryption, to output the decoded digital data to the D/A converter 76. As a result, the digital data converted into analog signals are output from the device 70.
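The routing of steps S31 to S36 can be modelled in a few lines. The following Python sketch is an added example, not code from the patent: the names Peer, Route, decide, seal, unseal and transmit are hypothetical, and the cipher is a stand-in (an HMAC-SHA256 keystream with an integrity tag, keyed by a symmetric secret) used in place of the public-key system named in [0096] so that the block runs with the standard library alone.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Peer(Enum):                  # result of authentication (step S31)
    SAME_TYPE_DIRECT = 1           # same type of device, connected directly
    GENERAL_PURPOSE = 2            # authorized general-purpose equipment
    VIA_SERVER = 3                 # authorized device reached through the server
    UNAUTHENTICATED = 4


class Route(Enum):
    PASS_THROUGH = "S32"           # stored ciphertext forwarded unchanged
    RE_ENCRYPT = "S33-S35"         # decode, then re-encrypt for the destination
    INHIBIT = "S36"                # nothing leaves the device
    ANALOG_ONLY = "S36-analog"     # decoded data goes to the D/A converter only


def decide(peer: Peer, allow_analog: bool = False) -> Route:
    """Decision circuit 72: choose the output path from the authentication result."""
    if peer is Peer.SAME_TYPE_DIRECT:
        return Route.PASS_THROUGH
    if peer in (Peer.GENERAL_PURPOSE, Peer.VIA_SERVER):
        return Route.RE_ENCRYPT
    return Route.ANALOG_ONLY if allow_analog else Route.INHIBIT


def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one device key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = []
    for counter in range((length + 31) // 32):
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): keystream XOR plus an integrity tag."""
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the blob was not sealed under `key`."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = keystream(subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


@dataclass
class Output:
    route: Route
    digital: Optional[bytes]       # bytes handed to the communication interface
    analog_feed: Optional[bytes]   # decoded data handed to the D/A converter


def transmit(stored: bytes, storage_key: bytes, peer: Peer,
             dest_key: Optional[bytes] = None, allow_analog: bool = False) -> Output:
    """Source-side transmission: route the stored ciphertext per steps S32 to S36."""
    route = decide(peer, allow_analog)
    if route is Route.PASS_THROUGH:
        return Output(route, stored, None)
    if route is Route.INHIBIT:
        return Output(route, None, None)
    plaintext = unseal(storage_key, stored)
    if plaintext is None:
        raise ValueError("stored data does not decode under the storage key")
    if route is Route.ANALOG_ONLY:
        return Output(route, None, plaintext)
    if dest_key is None:
        raise ValueError("re-encryption needs the destination's key (step S34)")
    return Output(route, seal(dest_key, plaintext), None)
```

On the re-encryption path the blob that leaves the device decodes only under the destination's key, so a copy fetched from the server by another party yields nothing from unseal.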

[0102] In the above-described recording and/or reproducing device 70, the digital data output from the device 70 is directly output, output encrypted, or converted into analog signals and output in this form. That is, if the digital data is sent directly to the recording and/or reproducing device which is the same type as the recording and/or reproducing device 70 as the source of transmission, the degree of safety may be determined to be high because the data is being transmitted between the devices of the same type. Thus, the recording and/or reproducing device 70 sends the encrypted digital data in the storage unit 51 directly to the recording and/or reproducing device 2 b as the destination of transmission, without re-encrypting the output digital data, in order to shorten the transmission time. In the general-purpose equipment, such as the personal computer, in which is installed the decoding software used in the present system, it may be an occurrence that the software has been illicitly installed, such that the degree of safety is lower than in the case of the digital data transmission between the devices of the same type as discussed above. When digital data is transmitted through the server device 3 to the recording and/or reproducing device of the same type as the recording and/or reproducing device 70 as the source of transmission, there is a risk that the digital data held by the server device 3 is downloaded by the device which has illicitly accessed the server device 3, and hence the degree of safety is lower than in case of digital data transmission between the devices of the same type as described above. In such case, the recording and/or reproducing device 70 as the source of transmission re-encrypts the output digital data, using the public key of the device of the destination of transmission, to maintain the degree of safety at the time of or following the transmission of the digital data.

[0103] Although the case of transmitting encrypted digital data has been explained above, the RSA cryptogram or the elliptical cryptogram, as the public key cryptographic system, or the EKB or MJR, as the secret key system higher in encrypting speed than the public key system, may also be used as the specified methods for encryption. If, for example, the recording and/or reproducing device 70 as the source of transmission is of the same type as the recording and/or reproducing device as the destination of transmission, the public key system with the high encryption speed may be used. On the other hand, the public key system with higher safety may be used in the data transmission to the general-purpose equipment or in the digital data transmission through the server device 3.

[0104] In the above-described embodiments, it has been stated that digital data is transmitted without the processing of re-encryption in case the recording and/or reproducing devices 50, 60 and 70 as the source of transmission are of the same type as the recording and/or reproducing device as the destination of transmission. It is however unnecessary for the device of the source of transmission to be of the same type as the device of the destination of transmission. That is, it is only sufficient if the devices are provided at least with the functions of encryption and decoding shown in FIGS. 2 to 4.

[0105] A recording and/or reproducing device 80, in which the duplication management information of limiting the duplication of digital data as the copyright management data is included in the digital data sent from the recording and/or reproducing device 2 and in which recording of the digital data is limited based on this truant duplication prohibiting information, is now explained with reference to the drawings.

[0106] This recording and/or reproducing device 80 includes an input terminal 81, to which encrypted compressed digital data is input from the server device 3, as shown in FIG. 12. This recording and/or reproducing device 80 includes, as a recording system, a decoding circuit 82, for decoding the encrypted digital data, a decompressing circuit 83, for decompressing the compressed digital data, an extraction updating circuit 84, for extracting and rewriting the truant duplication inhibiting information from the digital data, a compression circuit 85 for compressing the digital data, and an encrypting circuit 86 for encrypting the compressed digital data. This recording and/or reproducing device 80 includes, as the recording system, a recording processing circuit 87 for recording processing the encrypted digital data and a storage unit 88 for storing the encrypted digital data.

[0107] The recording and/or reproducing device 80 includes, as a reproducing system, a replay processing circuit 89, a decoding circuit 90 for decrypting the digital data processed for reproduction by the replay processing circuit 89, a decompressing circuit 91 for decompressing the digital data from the decoding circuit 90, a D/A converter 92 for converting the digital signals from the decompressing circuit 91 into analog signals, an analog output terminal 93 for outputting the analog signals, and a digital output terminal 94 for outputting the digital data upstream of the D/A converter 92. The recording and/or reproducing device 80 also includes a system controller 95 for controlling the overall operations.

[0108] To the input terminal 81 are input encrypted compressed digital data, such as audio or video data, or picture data, from the server device 3 or from the recording and/or reproducing device. In this digital data, the SCMS (serial copy management system) information is embedded as the duplication management information, as watermarked information. The decoding circuit 82 decrypts the decoded digital data, input at the input terminal 81, as in the decoding circuits 19 and 22 shown in FIG. 4, to extract the duplication management information contained in the digital data to output the so extracted information to the decompressing circuit 83. The decompressing circuit 83 expands the digital data, compressed in accordance with the ATRAC3 (Adaptive Transform Acoustic Coding 3: trademark), MPEG-2AAC (Motion Picture Expert Group 2 Advanced Audio Coding), MP3 (MPEG-1 Audio Layer 3), TwinVQ (Transform-Domain Weighted Interleave Vector Quantization: trademark), MS Audio (WMA: Windows Media Audio: trademark), or Ogg Vorbis (trademark), to output the expanded digital data to the extraction updating circuit 84.

[0109] The extraction updating circuit 84 extracts watermarks contained in the decoded expanded digital data to detect the SCMS information. This SCMS information is a duplication management flag provided in the leading two bits of the data. These two bits are comprised of [00] (digital duplication permit), [10] (digital duplication inhibit) and [11] (permit digital duplication only once).

[0110] When the SCMS information is [00] or [11], the extraction updating circuit 84 permits recording of digital data in the storage unit 88. When the SCMS information is [11], [11] is rewritten to [10]. If the SCMS information is [10], the extraction updating circuit 84 inhibits recording of digital data in the storage unit 88. The extraction updating circuit 84 outputs the digital data, having the updated SCMS information, to the compression circuit 85.

[0111] The duplication management information may be the CGMS (Copy Generation Management System) in place of being the SCMS information. In the case of the CGMS, two-bit CCI (Copy Control Information) of [11] (no digital duplication permitted), [10] (no further digital duplication permitted), [01] (digital duplication is permitted only once) and [00] (digital duplication allowed freely), are embedded in the digital data. Of course, the duplication management information is not limited to SCMS nor to CGMS.

[0112] The compression circuit 85 compresses the digital data in accordance with any one of the systems of ATRAC3, MPEG-2AAC, MP3, TwinVQ, MS Audio and Ogg Vorbis to output the results to the recording processing circuit 87. The recording processing circuit 87 applies error correction coding or modulation to the input data. The data processed for recording by the recording processing circuit 87 is recorded, by a head unit of, for example, a magnetic head or an optical pickup, on a recording medium, forming a storage unit 88, such as a hard disc, a recordable optical disc or a magneto-optical disc. It should be noted that the storage unit 88 may be enclosed in the main body unit of the device 80 or may be removably mounted on the main body unit of the device 80.

[0113] The data stored in the storage unit 88 is read out by the head unit of the magnetic head or the optical pickup so as to be output to the replay processing circuit 89. The replay processing circuit 89 binary-encodes the output signal read out from the storage unit 88 to modulate or error-correct the binary signals to output the resulting signals to the decoding circuit 90. The decoding circuit 90 decrypts the encrypted digital data output from the replay processing circuit 89 to output the decoded data to the decompressing circuit 91.

[0114] The decompressing circuit 91 expands the compressed digital data from the compression circuit 85 in accordance with ATRAC3, MPEG-1AAC, MP3, TwinVQ, MS Audio or Ogg Vorbis, to output the resulting data to the D/A converter 92 or to the digital output terminal 94. The D/A converter 92 converts the digital signals output from the decompressing circuit 91 into analog signals which are output to the analog output terminal 93. To the analog output terminal 93 is connected e.g., a loudspeaker which transduces the analog signals output from the output terminal 93 to produce the output audio sound.

[0115] The system controller 95 controls the overall device. For example, if the SCMS information, extracted and detected from the input digital data, is [00] or [11], the system controller 95 controls the recording processing circuit 87 to record the digital data in the storage unit 88. If the detected SCMS information is [10], the system controller 95 controls the recording processing circuit 87 to inhibit the recording of the digital data on the storage unit 88. If the SCMS information is [11], the system controller 95 controls the extraction updating circuit 84 to rewrite [11] to [10].

[0116] In the system employing the recording and/or reproducing device 80, the digital data, such as the audio data, encrypted in accordance with the aforementioned preset systems, are uploaded from the recording and/or reproducing device of the same type as the recording and/or reproducing device 80 as the source of transmission to the server device 3. In thus encrypted digital data is embedded the aforementioned SCMS information. If the so uploaded digital data is the data which allows the digital duplication freely, the SCMS information, embedded in the digital data, is set to [00], whereas, if the uploaded digital data is data which allows digital duplication only once, the SCMS information is set to [11]. If the uploaded digital data is data which inhibits digital duplication, the SCMS information is set to [10]. On receipt of the encrypted digital data from the recording and/or reproducing device as the source of transmission, the server device 3 transiently directly stores the data in a storage unit formed by e.g., a hard disc. That is, the server device 3 does not have the function of decoding and reproducing the encrypted digital data. Consequently, the server device 3 lacks in the possibility of decoding and reproducing the digital data stored in the storage unit, even in future, so that the SCMS information is not updated.

[0117] Referring to FIG. 13, the recording and/or reproducing device 80 as the destination of transmission accesses the server device 3 to download a desired portion of the digital data stored in the server device 3. The digital data downloaded to the device of the destination of transmission is input to the decoding circuit 82. Since the recording and/or reproducing device as the destination of transmission is of the same structure as the recording and/or reproducing device 80, the operation of the device of the destination of transmission is explained using the same reference numerals as those shown in FIG. 12. The system controller 95 at step S41 checks to see if the downloaded digital data is decodable by the decoding circuit 82. If the downloaded digital data is decodable, the system controller 95 proceeds to step S42 and, if otherwise, the system controller 95 proceeds to step S46. Since the digital data held by the server device 3 has been encrypted based on the innate key of the device of the destination of transmission, that is the recording and/or reproducing device 80, the decoding circuit 82 decrypts the digital data input from the input terminal 81, based on the innate key of the device 80, and the results are sent to the system controller 95, by way of executing the decision step S41.

[0118] On decoding the downloaded digital data, the decoding circuit 82 outputs the decoded digital data to the decompressing circuit 83, which decompressing circuit 83 then decompresses the digital data supplied from the decoding circuit 82 to output the resulting data to the extraction updating circuit 84. The extraction updating circuit 84 extracts the watermark, inclusive of the SCMS information, from the digital data supplied from the decompressing circuit 83, to input the extracted SCMS information to the system controller 95. The system controller 95 at step S42 checks to see if the SCMS information supplied is [00], [11] or [10].

[0119] Based on the read-out results of the SCMS information at step S42, the system controller 95 at step S43 controls the recording processing circuit 87 so that, if the SCMS information is [00], digital data will be recorded in the storage unit 88.

[0120] The system controller 95 at step S44 controls the recording processing circuit 87 so that, if the SCMS information is [11], recording the digital data in the storage unit 88 will be allowed, while controlling the extraction updating circuit 84 to rewrite the SCMS information from [11] to [10]. Moreover, based on a command from the system controller 95, the extraction updating circuit 84 rewrites the SCMS information from [11] to [10].

[0121] If the recording to the storage unit 88 is permitted at steps S43, S44, data of the extraction updating circuit 84 is sent to the compression circuit 85, which compression circuit 85 re-compresses the digital data to output the resulting data to the encrypting circuit 86. The encrypting circuit 86 re-encrypts the data in accordance with a preset system to output the resulting re-encrypted data to the recording processing circuit 87. The recording processing circuit 87 performs the processing necessary for recording to send the resulting data to the storage unit 88, which storage unit 88 records the encrypted compressed digital data on the recording medium of the storage unit 88 based on the output of the recording processing circuit 87.

[0122] When the SCMS information is [10], the system controller 95 at step S45 controls the recording processing circuit 87 to inhibit the recording of the digital data in the storage unit 88. At this time, the recording processing circuit 87 displays an alarm on, for example, a display unit, that digital data cannot be recorded.

[0123] If the system controller 95 has determined at step S41 that the cryptogram applied to the digital data supplied by the decoding circuit 82 cannot be decoded, the system controller 95 at step S46 directly outputs the data to the recording processing circuit 87. The recording processing circuit 87 applies necessary processing for recording to the digital data. The storage unit 88 records encrypted compressed digital data on a recording medium forming the storage unit 88.
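The flag handling of steps S41 to S46 is sketched below in Python as an added example, not code from the patent. It reads the two-bit flag from the leading two bits of the data as stated in [0109] and also covers the CGMS codes of [0111]. The names handle_download, generations and Result are hypothetical, and two behaviours are assumptions the text does not state: an SCMS code of [01] is treated as inhibit, and a CGMS [01] copy is recorded with the flag rewritten to [10].

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Right(Enum):
    FREE = "digital duplication permitted"
    ONCE = "digital duplication permitted only once"
    NO_MORE = "digital duplication inhibited"
    NEVER = "no digital duplication permitted"


# Two-bit codes as listed in [0109] (SCMS) and [0111] (CGMS).
SCHEMES = {
    "SCMS": {0b00: Right.FREE, 0b11: Right.ONCE, 0b10: Right.NO_MORE},
    "CGMS": {0b00: Right.FREE, 0b01: Right.ONCE,
             0b10: Right.NO_MORE, 0b11: Right.NEVER},
}


def read_flag(data: bytes) -> int:
    """The flag occupies the leading two bits of the data ([0109])."""
    return data[0] >> 6


def write_flag(data: bytes, code: int) -> bytes:
    """Return a copy of the data with only the two flag bits replaced."""
    return bytes([(data[0] & 0x3F) | (code << 6)]) + data[1:]


def code_for(scheme: str, right: Right) -> int:
    return next(c for c, r in SCHEMES[scheme].items() if r is right)


@dataclass
class Result:
    step: str                    # flow-chart step taken (FIG. 13 numbering)
    recorded: Optional[bytes]    # what reaches the storage unit, None if refused


def handle_download(data: bytes, scheme: str = "SCMS",
                    can_decode: bool = True) -> Result:
    """Destination-side handling of one downloaded item."""
    if not data:
        raise ValueError("empty payload")
    if not can_decode:
        # S46: recorded as received; the flag cannot be read, so it is not updated.
        return Result("S46", data)
    # Assumption: a code the scheme does not define (SCMS 01) counts as inhibit.
    right = SCHEMES[scheme].get(read_flag(data), Right.NO_MORE)
    if right is Right.FREE:
        return Result("S43", data)
    if right is Right.ONCE:
        # S44: record, and mark the recorded copy as not duplicable again.
        return Result("S44", write_flag(data, code_for(scheme, Right.NO_MORE)))
    return Result("S45", None)


def generations(data: bytes, scheme: str = "SCMS", hops: int = 3) -> int:
    """Count how many successive device-to-device copies succeed, up to `hops`."""
    made = 0
    for _ in range(hops):
        result = handle_download(data, scheme)
        if result.recorded is None:
            break
        data, made = result.recorded, made + 1
    return made
```

On the S46 path the flag is left untouched, so copy control there rests entirely on the recorded data remaining undecodable.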

[0124] When the encrypted compressed digital data, recorded in the storage unit 88 in the processing of steps S43 or S44, is to be reproduced, the digital data stored in the storage unit 88 is read out from the storage unit 88 and processed for replay by the replay processing circuit 89 so as to be output to the decoding circuit 90 of the reproducing system. The decoding circuit 90 decodes the output data of the replay processing circuit 89 to send the resulting data to the decompressing circuit 91. The decompressing circuit 91 decompresses the compressed digital data to output the decompressed data to the D/A converter 92 or to the digital output terminal 94. The D/A converter 92 converts the digital signals supplied from the decompressing circuit 91 into analog signals which are output through analog output terminal 93 to for example the loudspeaker.

[0125] In the above-described system employing the recording and/or reproducing device 80 shown in FIG. 12, the SCMS information is not updated in the server device 3 unable to decode the encrypted digital data, and the SCMS information is updated when the digital data is downloaded to a recording and/or reproducing device which is of the same type as the replay enabling recording and/or reproducing device 80 as the source of transmission. Consequently, with the present system, the pre-existing duplication management information can be managed even in cases wherein the digital data is transmitted or received over the network 5.

[0126] According to the present invention, the processing executed in the recording and/or reproducing device 2 and that executed in the recording and/or reproducing device 80 can be combined together. That is, when the digital data including the duplication management information is to be sent through the server device 3 to the device of the destination of transmission, the recording and/or reproducing device as the source of transmission may acquire the innate key of the device of the destination of transmission to encrypt the digital data using the so acquired innate key to send the encrypted digital data to the device of the destination of transmission. Since the server device does not have the reproducing function, it may not update the duplication management information. The recording and/or reproducing device as the destination of transmission may update the duplication management information in case it is able to decode the received digital data.

INDUSTRIAL APPLICABILITY

[0127] According to the present invention, in which, when encrypted data recorded on the recording medium is sent to the server device, an attempt is made to authenticate the device of the destination of transmission and, when the device of the destination of transmission has been authenticated, the encrypted data recorded on the recording medium is decoded and re-encrypted with the aid of the innate key data acquired from the device of the destination of transmission so as to be sent to outputting means. Consequently, when the data is transiently stored in the server device and downloaded to a terminal device of an unauthorized third party, it is prohibited from being reproduced to protect the copyright.

[0128] Moreover, according to the present invention, if truant duplication inhibiting information is included in data downloaded from the server device, the truant duplication inhibiting information is extracted and updated by extraction updating means only when the data is recorded on a replay enabling device to manage the preexisting truant duplication inhibiting information.

1. A data transmission device comprising: a storage unit for storage of encrypted data; an authentication unit for authenticating a device which is to be the destination of transmission; and a re-encryption unit for decoding the data read out from said storage unit and for re-encrypting the decoded data; wherein when said device which is to be the destination of transmission has been authenticated by said authentication unit, the data read out from said storage unit is decoded, and wherein the so decoded data is re-encrypted using innate key data acquired from said device which is to be the destination of transmission as authenticated by said authentication device; the so re-encrypted data being output to said device which is to be the destination of transmission.
2. The data transmission device according to claim 1 wherein if the device which is to be the destination of transmission has not been authenticated by said authentication unit, outputting of the data read out from said storage unit is inhibited.
3. The data transmission device according to claim 1 further comprising: an output unit supplied with output data from said re-encryption unit; and a selection unit for selectively supplying data read out from said storage unit to one of said re-encryption unit and said output unit.
4. The data transmission device according to claim 3 wherein, if the device which is to be the destination of transmission has not been authenticated, said selection unit sends data read out from said storage unit to said output unit.
5. The data transmission device according to claim 3 wherein, if the device which is to be the destination of transmission has not been authenticated by said authentication unit to be a device directly supplied with data from the transmission device, said selection unit sends the data read out from the storage unit to said output unit.
6. The data transmission device according to claim 1 wherein said re-encryption unit includes a decoding unit for decoding the data read out from said storage unit and a re-encryption circuit for re-encrypting output data from said decoding unit using innate key data acquired from the device authenticated by said authentication unit.
7. The data transmission device according to claim 1 wherein said re-encryption unit re-encrypts a data part, excluding a header, of the data read out from said storage unit.
8. The data transmission device according to claim 1 wherein said authentication unit includes a first authentication circuit unit and a second authentication circuit unit; if the device which is to be the destination of transmission has not been authenticated by said first authentication circuit unit, said device which is to be the destination of transmission is authenticated by said second authentication circuit unit; and wherein, if said device which is to be the destination of transmission has been authenticated by said second authentication circuit unit, the decoded data is re-encrypted using innate key data acquired from the device which is to be the destination of transmission as authenticated by said second authentication circuit unit to output the re-encrypted data to said device which is to be the destination of transmission.
9. The data transmission device according to claim 8 wherein, if the device which is to be the destination of transmission has not been authenticated by said second authentication circuit unit, outputting of the data read out from the storage unit is inhibited.
10. The data transmission device according to claim 8 further comprising: an outputting unit to which output data from said re-encrypting unit is supplied; and a selection unit for selectively supplying the data read out from the storage unit to said re-encrypting unit or to said outputting unit based on the results of authentication by said first authentication circuit unit.
11. The data transmission device according to claim 10 wherein said selection unit sends data read out from said storage unit to said re-encryption unit if said device which is to be the destination of transmission has not been authenticated by said first authentication circuit unit.
12. The data transmission device according to claim 10 wherein if said device which is to be the destination of transmission has been authenticated by said first authentication circuit unit to be a device directly supplied with data from the transmission device, said selection unit outputs the data read out from said storage unit to said outputting unit.
13. The data transmission device according to claim 10 further comprising: a further selection unit provided between said selection unit and the re-encryption unit, said further selection unit being changed over by said second authentication circuit unit.
14. The data transmission device according to claim 1 further comprising: a decision unit for checking, based on the results of authentication by said authentication unit, whether or not the data read out from said storage unit is to be supplied to said re-encryption unit.
15. The data transmission device according to claim 14 wherein said decision unit sends data read out from said storage unit to said re-encryption unit when the device which is to be the destination of transmission has been authenticated by said authentication unit.
16. The data transmission device according to claim 15 further comprising: an outputting unit supplied with output data from said re-encryption unit; wherein if the device which is to be the destination of transmission has been authenticated by said authentication unit to be a device to which data is directly transmitted from said transmission device, the data read out from the storage unit is sent to said output unit.
17. The data transmission device according to claim 15 further comprising: a decoding unit for decoding data read out from said storage unit and a converter for converting an output signal of said decoding unit into analog signals; said decision unit sending the data read out from said storage unit to said decoding unit if the device which is to be the destination of transmission has not been authenticated by said authentication unit.
18. A data transmitting method comprising: authenticating a device which is to be the destination of transmission; decoding encrypted data read out from a storage unit if said device which is to be the destination of transmission has been authenticated; re-encrypting the decoded data based on innate key data acquired from said device which is to be the destination of transmission; and sending the re-encrypted data to said device which is to be the destination of transmission.
 19. The data transmitting method according to claim 18 wherein, if the device which is to be the destination of transmission has not been authenticated, outputting of the data read out from said storage unit is inhibited.
 20. The data transmitting method according to claim 18 wherein, if the device which is to be the destination of transmission has not been authenticated, the data read out from the storage unit is directly output.
 21. The data transmitting method according to claim 18 wherein, if the device which is to be the destination of transmission has been authenticated to be a device capable of direct data transmission with the device of the source of transmission, the encrypted data read out from said storage unit is output to said device which is to be the destination of transmission.
 22. The data transmitting method according to claim 18 wherein the data part of the data read out from said storage unit except the header is re-encrypted.
 23. The data transmitting method according to claim 21 wherein it is authenticated whether a device which is to be the destination of transmission is capable of direct data transmission with a device of the source of transmission, wherein, if the device which is to be the destination of transmission has been authenticated not to be a device capable of direct data transmission with the device of the source of transmission, it is authenticated whether or not the device which is to be the destination of transmission meets preset conditions; if the device which is to be the destination of transmission has been authenticated to be a device meeting said preset condition, the decoded data is re-encrypted, using an innate key data acquired from said device which is to be the destination of transmission, and the resulting re-encrypted data is sent to said device which is to be the destination of transmission.
 24. The data transmitting method according to claim 23 wherein, if the device which is to be the destination of transmission has been authenticated not to be a device meeting said preset condition, outputting of data read out from said storage unit is inhibited.
 25. A data outputting method comprising: authenticating a device which is to be the outputting destination; checking whether or not said device which is to be the outputting destination has been authenticated; and selecting outputting of encrypted data read out from the storage unit based on said results of authentication.
 26. The data outputting method according to claim 25 wherein the data read out from the storage unit is discriminated, based on the results of authentication of the device which is to be the outputting destination, as to whether or not the data is to be re-encrypted.
 27. The data outputting method according to claim 26 wherein, if a device of outputting destination is determined to be an authenticated device, data read out from said storage unit is re-encrypted and output.
 28. The data outputting method according to claim 27 wherein the encrypted data read out from said storage unit is decoded and wherein the decoded data is re-encrypted based on innate key data acquired from said device of outputting destination and is output to said device of outputting destination.
 29. The data outputting method according to claim 27 wherein the data part of the data read out from said storage unit is re-encrypted except the header.
 30. The data outputting method according to claim 25 wherein, if the authentication is determined to have been made such that the device of outputting destination is authenticated to be a device to which data can be output directly, the encrypted data read out from said storage unit is output to said device of outputting destination.
 31. The data outputting method according to claim 25 wherein, if the device of outputting destination is determined to have been not authenticated, outputting of the data read out from the storage unit is inhibited.
 32. The data outputting method according to claim 25 wherein, if the device of outputting destination is determined to have been not authenticated, the data read out from said storage unit is decoded and the so decoded data is converted into analog signals which are output.
 33. A recording method wherein data encrypted based on innate key data of a device which is to be the destination of transmission is input; data relevant to conditions of duplication are extracted from the decoded data when the input data has been decoded; and the operation of storing the decoded data in a recording unit is controlled based on said extracted data relevant to conditions of duplication.
 34. The recording method according to claim 33 wherein, if the data has not been decoded, the input data is recorded in said recording unit.
 35. The recording method according to claim 33 wherein, if the extracted data relevant to conditions of duplication permit duplication of said input data only once, the decoded data relevant to the conditions of duplication is rewritten to data relevant to conditions of duplication indicating duplication inhibition to then record the data relevant to conditions of duplication indicating duplication inhibition in said recording unit.
 36. The recording method according to claim 35 wherein recording in said recording unit is made after re-encryption.
 37. The recording method according to claim 33 wherein, if the extracted data relevant to the conditions of duplication inhibits duplication of the input data, recording of the decoded data in said recording unit is inhibited.
 38. A recording device comprising: a decoding unit supplied with encrypted data based on innate key data of a device which is to be the destination of transmission; an extraction unit for extracting data relevant to the conditions of duplication from output data from said decoding unit; a recording unit in which decoded data is recorded; and a controller supplied with the decoded results from said decoder and with the data relevant to conditions of duplication, extracted by said extraction unit, said controller controlling the operation of storage in a recording unit of said decoded data, based on the data relevant to conditions of duplication as extracted by said extraction unit.
 39. The recording device according to claim 38 wherein said controller records said input data in said recording unit when said input data has not been decoded.
 40. The recording device according to claim 38 wherein, if said extracted data relevant to conditions of duplication permit duplication of the input data only once, said controller rewrites the data relevant to conditions of duplication as decoded to data relevant to conditions of duplication indicating duplication inhibition to record the rewritten data in said recording unit.
 41. The recording device according to claim 40 further comprising an encryption unit provided between said decoding unit and said recording unit and supplied with output data from said decoding unit.
 42. The recording device according to claim 38 wherein, if said extracted data relevant to conditions of duplication inhibits duplication of said input data, recording of said decoded data in said recording unit is inhibited.
 43. A method for generating encoded data comprising: encrypting content data of input digital data based on first key data; encrypting said first key data based on second key data generated using device-specific key data to generate encrypting key data; and generating encrypted data comprised at least of said encrypted content data and said key data.
 44. The method for generating encoded data according to claim 43 wherein said first key data is further encrypted based on a function generated based on a random number.
 45. The method for generating encoded data according to claim 43 wherein said second key data is generated from device-specific key data and common key data.
 46. The method for generating encoded data according to claim 45 wherein said encoded data includes said random number and the common key data.
 47. The method for generating encoded data according to claim 46 wherein said encoded data includes header data of said content data and wherein said header data is non-encrypted data.
 48. A method for decoding encrypted data comprising: generating second key data by device-specific key data and common key data read out from encrypted data comprised of a random number supplied to a device, said common key data, encrypted key data and encrypted content data; decoding said encrypted key data based on the second key data generated and said random number to generate first key data; and decoding said encrypted content data based on the first key data generated.
 49. A recording and/or reproducing device comprising: an encryption unit for encrypting supplied data; a storage unit in which the data encrypted by said encryption unit is stored; an authentication unit for authenticating a device which is to be the destination of transmission; a replay processing unit for replay processing data read out from said storage unit; and a re-encryption unit for decoding output data from said replay processing unit for re-encrypting the decoded data; wherein if said device which is to be the destination of transmission has been authenticated by said authentication unit, the data read out from said storage unit is decoded by said re-encryption unit; said decoded data being re-encrypted using innate key data acquired from said device which is to be the destination of transmission and which has been authenticated by said authentication unit; the re-encrypted data being output to said device which is to be the destination of transmission.
 50. The recording and/or reproducing device according to claim 49 wherein outputting of output data from said replay processing unit is inhibited if said device which is to be the destination of transmission has not been authenticated by said authentication unit.
 51. The recording and/or reproducing device according to claim 49 further comprising an output unit supplied with output data from said re-encryption unit and a selection unit for selectively supplying output data from said replay processing unit to one of said re-encryption unit and said output unit based on the results of authentication by said authentication unit.
 52. The recording and/or reproducing device according to claim 51 wherein, if said device which is to be the destination of transmission has not been authenticated by said authentication unit, output data from said replay processing unit is sent to said output unit.
 53. The recording and/or reproducing device according to claim 51 wherein, if said device which is to be the destination of transmission has been authenticated by said authentication unit as being a device to which data can be directly transmitted from said transmission device, output data from said replay processing unit is sent to said output unit.
 54. The recording and/or reproducing device according to claim 49 wherein said re-encryption unit includes a decoding unit for decoding output data from said replay processing unit and a re-encryption circuit unit for re-encrypting output decoded data from said decoding unit using innate key data acquired from a device authenticated by said authentication unit.
 55. The recording and/or reproducing device according to claim 49 wherein said re-encryption unit encrypts a data part of output data from said replay processing unit except a header.
 56. The recording and/or reproducing device according to claim 49 wherein said authentication unit includes a first authentication circuit unit and a second authentication circuit unit; wherein, if the device which is to be the destination of transmission has not been authenticated by said first authentication circuit unit, said device which is to be the destination of transmission is authenticated by said second authentication circuit unit; and wherein, if said device which is to be the destination of transmission has been authenticated by said second authentication circuit unit, the decoded data is re-encrypted using innate key data acquired from the device which is to be the destination of transmission authenticated by said second authentication circuit unit to output the re-encrypted data to said device which is to be the destination of transmission.
 57. The data transmission device according to claim 56 wherein, if the device which is to be the destination of transmission has not been authenticated by said second authentication circuit unit, outputting of the data read out from the storage unit is inhibited.
 58. The data transmission device according to claim 56 further comprising an output unit supplied with output data from said re-encryption device and a selection unit for selectively supplying output data from said replay processing unit to one of said re-encryption unit and said output unit based on the results of authentication by said first authentication circuit unit.
 59. The data transmission device according to claim 58 wherein, if said device which is to be the destination of transmission has not been authenticated by said first authentication circuit unit, said selection unit sends output data from said replay processing unit to said re-encryption unit.
 60. The data transmission device according to claim 58 wherein, if said device which is to be the destination of transmission has been authenticated by said first authentication circuit unit as being a device to which data is directly transmitted from the transmission device, said selection unit sends output data from said replay processing unit to said output unit.
 61. The data transmission device according to claim 58 further comprising a further selection unit provided between said selection unit and said re-encryption unit and changed over by said second authentication circuit unit.
 62. The data transmission device according to claim 49 further comprising a decision unit for determining, based on the results of authentication from said authentication unit, whether or not output data from said replay processing unit is to be supplied to said re-encryption unit.
 63. The data transmission device according to claim 49 wherein, when said device which is to be the destination of transmission has been authenticated by said authentication unit, said decision unit sends output data from said replay processing unit to said re-encryption unit.
 64. The data transmission device according to claim 63 further comprising an output unit supplied with output data from said re-encryption unit; said decision unit sending output data from the replay processing unit to said output unit when said device which is to be the destination of transmission has been authenticated by said authentication unit to be a device to which data is directly transmitted from the transmission device.
 65. The data transmission device according to claim 63 further comprising a decoding unit for decoding output data from said replay processing unit and a converting unit for converting an output signal from said decoding unit into analog signals; said decision unit sending output data from said replay processing unit to said decoding unit if said device which is to be the destination of transmission has not been authenticated by said authentication unit.
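The key hierarchy of claims 43 to 48, as an added example that is not part of the patent text: content is encrypted under a first key, and the first key is wrapped under a second key derived from the device-specific key and the common key, with the random number entering the wrapping. The cipher (an HMAC-SHA256 keystream), the derivation label, the field names and the integrity tag are assumptions of this example; the claims name no algorithm.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_second_key(device_key: bytes, common_key: bytes) -> bytes:
    # Claim 45: second key from device-specific key data and common key data.
    return hmac.new(device_key, b"second-key" + common_key, hashlib.sha256).digest()

def _tag(first_key: bytes, header: bytes, enc_content: bytes) -> bytes:
    # Assumption: integrity tag added by this example, covering the clear header.
    signed = len(header).to_bytes(4, "big") + header + enc_content
    return hmac.new(first_key, signed, hashlib.sha256).digest()

def encode(header: bytes, content: bytes, device_key: bytes, common_key: bytes) -> dict:
    first_key = secrets.token_bytes(32)       # claim 43: content key
    random_number = secrets.token_bytes(16)   # claim 44: enters the key wrapping
    second_key = derive_second_key(device_key, common_key)
    enc_content = _xor_stream(first_key, b"content", content)
    return {
        "header": header,                     # claim 47: stays unencrypted
        "random": random_number,              # claim 46: travels with the data
        "common_key": common_key,             # claim 46: travels with the data
        "enc_key": _xor_stream(second_key, random_number, first_key),
        "enc_content": enc_content,
        "tag": _tag(first_key, header, enc_content),
    }

def decode(package: dict, device_key: bytes) -> bytes:
    # Claim 48: rebuild the second key, unwrap the first key, decode the content.
    second_key = derive_second_key(device_key, package["common_key"])
    first_key = _xor_stream(second_key, package["random"], package["enc_key"])
    expected = _tag(first_key, package["header"], package["enc_content"])
    if not hmac.compare_digest(expected, package["tag"]):
        raise ValueError("wrong device key or modified package")
    return _xor_stream(first_key, b"content", package["enc_content"])
```

Because the random number and the common key travel inside the encoded data, the device-specific key is the only secret input, so its storage on the device carries the whole scheme.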